[Integration Testing] Allow tests to declare themselves as needing a FIPS environment #8083
Conversation
ycombinator
added
Team:Elastic-Agent-Control-Plane
|
Pinging @elastic/elastic-agent-control-plane (Team:Elastic-Agent-Control-Plane) |
ycombinator
force-pushed
the
it-fips-tests-define
branch
2 times, most recently
from
5d1d086 to
2298ba1
Compare
ycombinator
force-pushed
the
it-fips-tests-define
branch
from
2298ba1 to
af47ee9
Compare
ycombinator
requested review from
blakerouse and
michel-laterman
and removed request for
michalpristas and
blakerouse
There was a problem hiding this comment.
lgtm; assuming the TLS fix is backported to 1.24.
Also, I have another PR that should use a custom image related with the PR for integration tests: #8035 I think the FIPS testing should run with those deployments
|
Is there a specific reason for the FIPS integration test not to be defined in their own package and run independently from the melting pot that is the |
In terms of definition, there is no reason to keep the FIPS tests in the In terms of running, the FIPS tests will run independently of the other integration tests, on their own FIPS-configured VM. Since there is a bit of an urgency for the FIPS work, I suggest we move this refactoring discussion to it's own issue so we can properly discuss it with the team and proceed accordingly. [EDIT] Created issue for discussion: #8087 |
|
There is overlap between the Buildkite pipeline parts of this PR and what @michel-laterman has done in #8035. We sync'd up about this and decided that we'll keep all the Buildkite changes in #8035 so I'm going to remove those bits from this PR here. |
ycombinator
force-pushed
the
it-fips-tests-define
branch
from
58543e8 to
62ac705
Compare
|
💛 Build succeeded, but was flaky
Failed CI StepsHistory
cc @ycombinator |
* upstream/main: Guard against `nil` pointer dereference (elastic#8107) Generate NOTICE.txt with only modules used by binaries (elastic#8053) Retry enrollment requests when an error is returned, add enrollment timeout (elastic#8056) Changelog for 8.17.6 version (elastic#8062) (elastic#8106) [main][Automation] Update versions (elastic#8098) Allow using beats receivers for self-monitoring (elastic#8031) Adding new configuration setting: `agent.upgrade.rollback.window` (elastic#8065) [Integration Testing] Allow tests to declare themselves as needing a FIPS environment (elastic#8083) fix(agentless): overcome SIGPIPE in agentless promotion pipeline (elastic#8094) ksm autosharing integration configuration update (elastic#8086)
…FIPS environment (#8083) (#8095) * Define FIPS requirement field * Implement FIPS filter in testmain (cherry picked from commit 89902d1) Co-authored-by: Shaunak Kashyap <[email protected]>
What does this PR do?
This PR allows integration tests to declare that they should be run in a FIPS-configured environment, e.g. a Linux VM with OpenSSL configured with the FIPS provider.
Further, the Buildkite pipeline for running integration tests is updated with a new group for running these FIPS integration tests. Note the
FIXMEs and commented out sections of the Buildkite pipeline in this PR; they will need to be addressed when a FIPS-configured VM image and an FRH ECH environment are available.Why is it important?
To allow FIPS-related integration tests to declare themselves as needing a FIPS environment, so they can be run in a FIPS-configured environment against an FRH ECH environment.
Checklist
I have made corresponding changes to the documentationI have made corresponding change to the default configuration filesI have added tests that prove my fix is effective or that my feature worksI have added an entry in./changelog/fragmentsusing the changelog toolI have added an integration test or an E2E testDisruptive User Impact
None; this PR enhances the integration testing framework.